CVE Reference: CVE-2013-0262

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2013-0262

Description:
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."

CVE Status:
Candidate

References:

SUSE
  http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

SAID
  Secunia Advisory: SA52033

MISC

CONFIRM
  http://rack.github.com/
